A system may provide an access control model to manage access rights associated with data items (such as documents) that it distributes to recipients. The model helps reduce the risk that unauthorized entities gain access to the data items.
An on-line type of access control model uses centralized policy infrastructure to control the dissemination of data items. For example, in this approach, a recipient may request a license from the centralized policy infrastructure to gain access to a data item. The centralized policy infrastructure can consult policy information to determine whether the recipient is entitled to receive the data item. If so entitled, the centralized policy infrastructure may provide a use license to the recipient. The use license enables the recipient to access the data item, typically for a limited amount of time. However, this type of model does not readily accommodate a scenario in which the recipient wishes to access data items in an off-line manner. In an off-line setting, the recipient may not have access to the centralized policy infrastructure.
Other access control models address the above-noted issues by distributing cryptographic keys to recipients. For example, one type of model provides an access graph that includes a collection of nodes. The nodes define respective access classes. The model assigns keys to the respective nodes in the access graph. The model can grant a recipient access to a particular access class by giving that recipient a key that is associated with a corresponding node in the access graph. This model may therefore enable a recipient to access data items in an off-line mode of operation (e.g., by distributing appropriate keys to the recipient in advance). However, among other possible shortcomings, this model may have limitations in its ability to efficiently and flexibly express different types of policy considerations that govern access to data items.
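The following is an added example, not part of the original text, showing the key-per-node access graph described above in working form. It goes one step beyond the text: besides assigning a secret key to every node, it publishes one token per edge so that a recipient holding the key of a higher access class can derive the keys of every class beneath it off-line, with no policy server involved. The graph, class names and the HMAC-based derivation are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed sample access graph. An edge points from a higher access class
# to a class it dominates; a holder of a node's key may read data items
# labelled with that node or any descendant of it.
ACCESS_GRAPH: Dict[str, List[str]] = {
    "executive": ["finance", "engineering"],
    "finance": ["public"],
    "engineering": ["public"],
    "public": [],
}

def _edge_mask(parent_key: bytes, child: str) -> bytes:
    """Per-edge mask derived from the parent's secret key and the child's name."""
    return hmac.new(parent_key, child.encode(), hashlib.sha256).digest()

def assign_keys(graph: Dict[str, List[str]]) -> Tuple[Dict[str, bytes], Dict[Tuple[str, str], bytes]]:
    """Give every node a random 256-bit key and publish one token per edge:
    token(u->v) = key_v XOR HMAC(key_u, v). Only a holder of key_u can unmask
    key_v; the token on its own reveals nothing about key_v."""
    keys = {node: secrets.token_bytes(32) for node in graph}
    tokens = {}
    for parent, children in graph.items():
        for child in children:
            mask = _edge_mask(keys[parent], child)
            tokens[(parent, child)] = bytes(a ^ b for a, b in zip(keys[child], mask))
    return keys, tokens

def derive_key(held_node: str, held_key: bytes, target: str,
               graph: Dict[str, List[str]],
               tokens: Dict[Tuple[str, str], bytes]) -> Optional[bytes]:
    """Off-line derivation: walk the public graph from the held node, unmasking
    each child key with its public token. Returns None when the target class
    is not dominated by the held class, i.e. access is not granted."""
    frontier = [(held_node, held_key)]
    seen = set()
    while frontier:
        node, key = frontier.pop()
        if node == target:
            return key
        if node in seen:
            continue
        seen.add(node)
        for child in graph[node]:
            mask = _edge_mask(key, child)
            frontier.append((child, bytes(a ^ b for a, b in zip(tokens[(node, child)], mask))))
    return None
```

A data item labelled "public" can then be encrypted under the "public" key once and read off-line by anyone holding the key of any ancestor class; a "finance" holder can never reach the "engineering" key because no path exists in the graph.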